Wednesday , 25 December 2024
Home Kripto India’s Rapido Website Feedback Form Exposed Sensitive User and Driver Data
Kripto

India’s Rapido Website Feedback Form Exposed Sensitive User and Driver Data

India’s Rapido Website Feedback Form Exposed Sensitive User and Driver Data

India’s ride-hailing platform Rapido recently patched a security vulnerability that exposed sensitive information of its users and drivers. Security researcher Renganathan P discovered the issue, which involved a website feedback form intended for collecting feedback from Rapido’s auto-rickshaw services. This flaw inadvertently exposed personal details like full names, email addresses, and phone numbers. The findings were verified by TechCrunch, which confirmed that messages submitted via the form appeared in an exposed portal.

The root of the issue lay in one of Rapido’s APIs, designed to process feedback data and forward it to a third-party service. According to the researcher, the exposed portal contained over 1,800 responses, including numerous driver phone numbers and fewer email addresses. While the platform promptly secured the portal upon being alerted, the exposure could have led to significant risks, including social engineering attacks or misuse of the data on illicit platforms like the dark web.

In response to the incident, Rapido CEO Aravind Sanka issued a statement noting that the exposed data was “non-personal in nature.” Sanka clarified that the feedback collection process involved external parties and that some unintended users accessed the survey links. The company has since taken measures to prevent similar occurrences.

The security lapse highlights the importance of robust data protection measures in platforms handling sensitive user information, especially in the rapidly expanding tech-driven service sector.

Related Articles

Telegram Achieves Profitability as Revenue Hits  Billion in 2024
Kripto

Telegram Achieves Profitability as Revenue Hits $1 Billion in 2024

Telegram has reached profitability, according to founder Pavel Durov, who shared the...

CFPB Sues Walmart Over Unauthorized Bank Accounts for Delivery Drivers
Kripto

CFPB Sues Walmart Over Unauthorized Bank Accounts for Delivery Drivers

The Consumer Financial Protection Bureau (CFPB) has filed a lawsuit against Walmart...

TuSimple’s Journey Ends with CreateAI and a New Focus on Gaming
Kripto

TuSimple’s Journey Ends with CreateAI and a New Focus on Gaming

TuSimple, the company once known for its ambitious autonomous trucking projects, has...

Metaplanet Makes Largest Bitcoin Purchase, Scooping Up 620 BTC
Kripto

Metaplanet Makes Largest Bitcoin Purchase, Scooping Up 620 BTC

Japanese investment firm Metaplanet has made its largest Bitcoin purchase to date,...